October 17, 2024 at 08:52AM F5 has issued patches addressing a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity issue in BIG-IQ. The updates are crucial for enhancing security within these platforms. **Meeting Takeaways:** 1. **F5 Patches Released:** – Patches have been issued for two security vulnerabilities in F5 products: – **BIG-IP**: High-severity … Read more
October 11, 2024 at 11:13PM A joint advisory from US and UK agencies warns of a massive Russian hacking campaign exploiting known vulnerabilities, led by APT29. Organizations are urged to prioritize patching systems and improve cyber defenses. Additionally, phone phishing scams are on the rise, and GitLab users need to patch critical vulnerabilities urgently. Here … Read more
October 11, 2024 at 12:38PM CISA warns that threat actors are exploiting unencrypted persistent F5 BIG-IP cookies to identify and target additional internal devices within compromised networks. This highlights the importance of securing sensitive cookies to prevent unauthorized access and potential breaches. **Meeting Takeaways:** 1. **Threat Actor Activity:** CISA has issued a warning regarding the … Read more
October 11, 2024 at 12:30PM CISA warns that unencrypted F5 BIG-IP persistent cookies are being exploited by threat actors to map internal devices, potentially identifying vulnerabilities for cyberattacks. Administrators are advised to enable cookie encryption and consult F5’s guidelines to protect against these security risks, emphasizing the importance of proper configurations. **Meeting Takeaways:** 1. **CISA … Read more
October 11, 2024 at 05:27AM CISA warns of threat actors exploiting unencrypted persistent cookies in F5 BIG-IP Local Traffic Manager for network reconnaissance. Organizations are advised to encrypt these cookies and use the BIG-IP iHealth diagnostic tool. Meanwhile, joint U.S.-U.K. agencies highlight threats from APT29, a Russian military intelligence group targeting various sectors. **Meeting Takeaways … Read more
July 2, 2024 at 05:18AM Cisco has released patches for a zero-day vulnerability, CVE-2024-20399, in its NX-OS software. The medium-severity flaw allows local attackers to execute arbitrary commands with root privileges. Exploited by a China-linked cyberespionage group, the bug impacts various Cisco switch series. Cybersecurity firm Sygnia discovered and reported the vulnerability and advises updating … Read more
June 18, 2024 at 12:36PM A state-sponsored threat actor, Velvet Ant, maintained persistent access to a victim organization’s network for three years using a legacy F5 BIG-IP appliance, deploying various tools and techniques to compromise critical systems and access sensitive data. The cybersecurity firm Sygnia believes they are a China-based threat actor with sophisticated OPSEC … Read more
June 17, 2024 at 01:41PM The group Velvet Ant, believed to be Chinese cyberespionage actors, deployed custom malware on F5 BIG-IP appliances to establish persistent connections and steal data from a company undetected for nearly three years. Sygnia discovered the intrusion, outlining the attack methods and re-infection chain. They also provided defense recommendations to counter … Read more
March 22, 2024 at 08:33AM A China-linked threat group utilized security flaws in Connectwise ScreenConnect and F5 BIG-IP to distribute custom malware for creating backdoors on compromised Linux hosts. The group, tracked as UNC5174, has targeted various organizations, including research institutions and government entities in the U.S. and U.K. They have also been observed trying … Read more
December 20, 2023 at 04:59PM Israel National Cyber Directorate warns of phishing emails posing as F5 BIG-IP zero-day security updates, deploying data wipers for Windows and Linux. Israeli organizations targeted by pro-Palestinian and Iranian hacktivists since October. New phishing attack delivers data wipers through fake F5 update emails. Wipers communicate with a Telegram channel, posing … Read more